It's also possible that there are more in-depth detection methods and that this was just a cheap and easy first step that hasn't been removed because it catches a lot of less sophisticated bad actors.

It's unlikely that this will stop a big AI lab from distilling their model if they're really determined, but A) it may be enough to stop a bunch of fly-by-night token resellers looking to make a quick buck and B) you never know when one person at one of those big labs will mess up and forget to install whatever workaround they have and out themselves.

I think of it like if you have a problem with birds in your yard so you go buy one of those plastic owls. The owl scares away most of the birds, but not all of them, so you go and buy some ultrasonic noise thing to scare them away (I'm just making something up). Just because you bought the new ultrasonic thing though, that doesn't mean you're going to take the owl down. You leave it up because now you've got two layers of defense instead of one.

Well considering how Claude is vibe coded, I can't say I'm really surprised by sloppiness at all. I've been moving more towards Codex and OpenCode not because the the anthropic models are bad, but because Claude seems to break something new and annoying every day.

Claude Code are slopmaxxxing and you're considering their "judgement"? :-)

They also could have been much more interesting in the approach. LLMs can use their token distributions to generate stegotext that read like plausible prose but decode to payloads.¹

¹ https://github.com/hodgesmr/calgacus-mlx

These countermeasures aren't going to matter for much longer anyway. China has been able to hoover up plenty of training data through their proxies, and now DeepSeek V4 due to their incredibly cheap pricing.

At first I was agreeing with you, that this seemed like a sloppy way to implement this that was sure to be pretty quickly detected, but there is another possibility.

Anthropic could have implemented this not as a durable detection system against proxying resellers, but instead as a point-in-time sampling system to detect where (and with what context) proxying reselling is currently happening. Sure, it would be detected eventually, but in the meantime Anthropic could gain useful snapshot data.

It's just the first layer and there are multiple layers underneath this that we don't know about.

As a side note, I have a pet theory that one of the reasons that OpenAI and Anthropic are okay with the latest models not being released is to prevent distillation.

I think they want to wait a couple months and see if the Chinese models continue to keep catching up or if their gains are really just because they're distilling the frontier models.

From Anthropic: https://github.com/anthropics/claude-code/issues/62061#issue...

Dunno, it seems like the exact kind of thing Claude would think up if you asked it to subtly alter the system prompt to hide this info.

It's all a losing battle anyway.

I've seen Eve Online corporations that do a better job of steganographic marking than this.

Or they are doing both and this is the obvious part. Sort of like installing a bunch of real security cameras alongside a few fake ones

yeah, for example, just send a hash of the domain used. but then maybe people would say anthropic is spying on everyone, instead of targeted spying...

well if you ask claude how to implement something, you may not always get the optimal solution. this feels like something claude would spit back at you given a basic prompt

Have you looked into anything about Claude Code, how it’s configured, how it interacts with your system, etc? Because “sloppy” is a defining characteristic.

It’s even more funny how this blew in their faces. They even advertised pretty much all providers on hackernews home page. Here is in case you missed in the article

‘’’ cn baidu.com alibaba-inc.com alipay.com antgroup-inc.cn bytedance.net kuaishou.com xiaohongshu.com jd.com bilibili.co iflytek.com stepfun-inc.com moonshot.ai anyrouter.top claude-code-hub.app claude-opus.top openclaude.me proxyai.com yunwu.ai zenmux.ai

‘’’

You can view the full list here: https://cdn.thereallo.dev/blog/assets/cc-domains.js

const knownDomains = [ "cn", "sankuai.com", "netease.com", "163.com", "baidu-int.com", "baidu.com", "alibaba-inc.com", "alipay.com", "antgroup-inc.cn", "kuaishou.com", "bytedance.net", "xiaohongshu.com", "ctripcorp.com", "jd.com", "jdcloud.com", "bilibili.co", "iflytek.com", "stepfun-inc.com", "aliyuncs.com", "cn-shanghai.fcapp.run", "cn-beijing.fcapp.run", "xaminim.com", "moonshot.ai", "anyrouter.top", "packyapi.com", "aicodemirror.com", "aigocode.com", "hongshan.com", "iwhalecloud.com", "dhcoder.net", "lemongpt.top", "zhihuiapi.top", "intsig.net", "high-five-ai.xyz", "cloudsway.net", "4sapi.com", "529961.com", "88996.cloud", "88code.ai", "88code.org", "91code.pro", "992236.xyz", "ai.codeqaq.com", "ai.hybgzs.com", "ai.kjvhh.com", "aicanapi.com", "aicoding.sh", "aifast.site", "aihubmix.com", "anmory.com", "api.5202030.xyz", "api.ablai.top", "api.bianxie.ai", "api.bltcy.ai", "api.cpass.cc", "api.dev88.tech", "api.dreamger.com", "api.expansion.chat", "api.gueai.com", "api.holdai.top", "api.ikuncode.cc", "api.lconai.com", "api.linkapi.org", "api.mkeai.com", "api.nekoapi.com", "api.oaipro.com", "api.ruyun.fun", "api.ssopen.top", "api.tu-zi.com", "api.uglycat.cc", "api.v3.cm", "api.whatai.cc", "api.wpgzs.top", "api.xty.app", "api.yuegle.com", "api.zzyu.me", "apimart.ai", "apipro.maynor1024.live", "apiyi.com", "applyj.hiapi.top", "augmunt.com", "b4u.qzz.io", "clauddy.com", "claude-code-hub.app", "claude-opus.top", "claudeide.net", "co.yes.vg", "code.wenwen-ai.com", "code.x-aio.com", "codeilab.com", "cubence.com", "deeprouter.top", "dimaray.com", "dmxapi.com", "docs.aigc2d.com", "duckcoding.com", "fk.hshwk.org", "flapcode.com", "foxcode.hshwk.org", "foxcode.rjj.cc", "fuli.hxi.me", "getgoapi.com", "gpt.zhizengzeng.com", "gptgod.cloud", "gptkey.eu.org", "gptpay.store", "hdgsb.com", "henapi.top", "instcopilot-api.com", "jeniya.top", "jiekou.ai", "kg-api.cloud", "n1n.ai", "new-api.u4vr.com", "new.xychatai.com", "one-api.bltcy.top", "one.ocoolai.com", "oneapi.paintbot.top", "open.xiaojingai.com", "openclaude.me", "opus.gptuu.com", "poloai.top", "poloapi.top", "privnode.com", "proxyai.com", "qinzhiai.com", "right.codes", "runanytime.hxi.me", "sssaicode.com", "store.zzyus.top", "tiantianai.pro", "uiuiapi.com", "uniapi.ai", "vip.undyingapi.com", "wolfai.top", "wzw.de5.net", "wzw.pp.ua", "xairouter.com", "xaixapi.com", "xiaohuapi.site", "xiaohumini.site", "xy.poloapi.com", "yansd666.com", "yansd666.top", "yunwu.ai", "yunwu.zeabur.app", "zenmux.ai", ];

const labKeywords = [ "deepseek", "moonshot", "minimax", "xaminim", "zhipu", "bigmodel", "baichuan", "stepfun", "01ai", "dashscope", "volces", ]

I finally bought Claude Pro (I am not coding etc these days so I just wanted to try it). The Claude desktop app is downright pathetic. I mean they could write a better one just with their own LLMs. What's stopping them?

so all we need is someone to leak a sufficiently large amount of claude generations onto the open and private web for all other LLMs to mimic the same marking style?

wouldn't this happen due to the massive amounts of spam/slop being released?

It’s not surprising at all, they’re vibecoding Claude code so of course they are not going to get anything other than slop out of it. A novel or clever solution is just out of the question for them.